/mail.log or some variation.
Default logging includes sender and recipient info for rejected messages.
If you need to know what Mailscanner did with some message, you'll need
to ask on a Mailscanner list where to find and how to interpret its logs.
-- Noel Jones
.example1.com,... are all the same machine these days.
Maybe in your shop... Postfix is used in a wide variety of
environments, some of them have more than one computer.
-- Noel Jones
=reject
# accept only sasl_authenticated, reject all else
-o
smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o mynetworks=127.0.0.0/8
# show postfix-submission in the log
-o syslog_name=postfix-submission
# for DKIM signing
-o milter_macro_daemon_name=ORIGINATING
-- Noel
documentation:
http://www.postfix.org/MILTER_README.html
http://www.postfix.org/SMTPD_POLICY_README.html
and here are some commonly used software:
http://sourceforge.net/projects/sid-milter/
http://www.postfix.org/addon.html#policy
http://www.openspf.org/Software
-- Noel Jones
I believe
Sadly, no.
-- Noel Jones
Gerard wrote:
On Mon, 1 Jun 2009 10:39:31 -0300 (UYT)
Miguel Da Silva - CMat mdasi...@cmat.edu.uy wrote:
Good news.
[snip]
Is there any possibility that Brazil might adopt an anti 'top posting'
protocol also?
Paul Cocker wrote:
-Original Message-
From: Noel Jones [mailto:njo...@megan.vbhcs.org]
postfix. Note that some sites consider the address probes
you have enabled a form of abuse - if you send too many of
them them, they will blacklist you. You might want to turn
that feature back
entries, do so coherently.
-- Noel Jones
such as example.invalid.
Some related documentation:
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/STANDARD_CONFIGURATION_README.html
-- Noel Jones
for localhost.localdomain or literally use
localhost.localdomain.
-- Noel Jones
Jon wrote:
Noel Jones wrote:
At 03:24 PM 2/7/2007, Dick Middleton wrote:
Is it possible to manually bounce a message in the deferred queue
so preempting the normal retry/timeout period?
I've got a message sitting in the queue trying to connect to a
non-existent server. The sooner it gets
as requested.
-- Noel Jones
Sending from external clients and further internal subnets (which aren't
directly connected to the internal NIC and not in $mynetworks) runs without
problems.
Postfix 2.3.8
will add To:
undisclosed-recipients:; if the To: header is missing.
-- Noel Jones
maybe you should describe your project in more detail.
Thanks,
Mayuresh
-- Noel Jones
must be indented!
/^/
reject_rbl_client zen.spamhaus.org
reject_rbl_client foo.example.com
reject_rhsbl_sender list.example.org
-- Noel Jones
.
-- Noel Jones
by the interaction of the
default value of virtual_alias_domains = $virtual_alias_maps
and a static map in virtual_alias_maps. That made every
domain match the virtual_alias_domains lookup.
Just a funny interaction with a seldom-used configuration.
-- Noel Jones
Wietse Venema wrote:
Wietse Venema:
Noel Jones:
Don't bash OP too hard. He got bit by the interaction of the
default value of virtual_alias_domains = $virtual_alias_maps
and a static map in virtual_alias_maps. That made every
domain match the virtual_alias_domains lookup.
Just a funny
from another config. Anyway,
does anyone know whey mydestination isn't seeing the
hash:/etc/postfix/custom/mydestination entry?
probably because you have mydestination defined multiple times
in main.cf
-- Noel Jones
by the sending MTA.
http://www.postfix.org/postconf.5.html#milter_default_action
-- Noel Jones
accepted recipient will have NOQUEUEID, after that a QUEUEID
will be listed.
A message may be rejected by smtpd_{data,
end-of-data}_restrictions, in which case a QUEUEID will have
already been created.
-- Noel Jones
Stefan Palme wrote:
On Fri, 2009-06-12 at 12:41 -0500, Noel Jones wrote:
A QUEUEID is created when the number of accepted recipients
for a message is greater than zero.
In the case of a multi-recipient message where some recipients
are accepted and some rejected, recipients before the first
seen some
domains with hundreds of MX records (one for each host in a
/24). This hasn't caused any noticeable problem.
PS. looks as if your workstation clock is 1h fast.
-- Noel Jones
unaltered
postconf -n and unaltered logging demonstrating the problem.
-- Noel Jones
can't
compare From: To:.
You can use a policy server such as postfwd to compare
envelope sender vs. recipient, or a content_filter such as
spamassassin to compare the headers.
I understand that legitimate users wouldn't be able to send themselves email,
but that fine with me.
-- Noel
Terry L. Inzauro wrote:
Noel Jones wrote:
Terry L. Inzauro wrote:
List,
I operate a backup mx for one of my customers. In doing so, I have run
into an issue where I must accept all email regardless
of weather or not the messages is destined for a valid email account
in my customers email
on another port
including the milter options, and configure your mailman to
submit to that port.
-- Noel Jones
. This rejects ~10% of
connections before RBL lookups, with one single client
whitelisted from this rule. YMMV and all that.
-- Noel Jones
= localhost.localdomain
and I do mean localhost.localdomain literally.
-- Noel Jones
still
have problems, please show the full log entry.
-- Noel Jones
is this a problem?
-- Noel Jones
.
What problem are you trying to solve?
-- Noel Jones
Peter Micunek wrote:
On Wed, 17 Jun 2009 08:33:41 -0500, Noel Jones wrote
Peter Micunek wrote:
Hi All,
is it possible to add empty line to the mail body?
I tried to do that via body_check and PREPEND:
/^\.$/ PREPEND
However I do not know what I should write after PREPEND
#reject_unauthenticated_sender_login_mismatch
see the docs above and list archives for examples.
-- Noel Jones
snipping.
-- Noel Jones
their delivery along with the legit mail.
My recommendation is to just implement greylisting and skip
this nonsense.
-- Noel Jones
Noel Jones wrote:
Steve wrote:
Hi List,
What is the quickest, easiest (and scriptable) way to have Postfix defer
everything with a 4xx error. It's an extension to my 'after midnight'
tests. Not allowing any connections is fine, but I would prefer to
reject with a custom 4xx message such as GO
using procmail or maildrop or some other third-party
delivery agent, you might be able to convince it to lie about
where the mail went. Check their docs.
-- Noel Jones
to the
retry: transport.
# transport
example.com retry:down for maintenance
The real solution is somewhat more complicated. Set up a
separate postfix instance with a very long
maximal_queue_lifetime, and use transport_maps to send all
their mail there.
-- Noel Jones
SID, here are a few:
http://www.postfix.org/addon.html#policy
http://www.openspf.org/Software
-- Noel Jones
looks like this:
smtpd_milters = inet:127.0.0.1:9967
-- Noel Jones
, but that doesn't really make any
difference here since you shouldn't be rejecting anything anyway.
-- Noel Jones
to use
amavisd-new.
http://www.ijs.si/software/amavisd/
For phishing, I like the Sanesecurity addon signatures for
clamav, find info here:
http://www.sanesecurity.co.uk/usage.htm
Not sure what you want with tnef...
-- Noel Jones
from
external relay
You didn't make the changes suggested.
Add the IP of the external relay to your mynetworks setting.
In your smtpd_recipient_restrictions, replace
reject_unauth_destination with reject
-- Noel Jones
very much for Your help.
With regards,
R.
-- Noel Jones
EASY steve.h...@digitalcertainty.co.uk wrote:
On Tue, 2009-06-23 at 15:52 +0200, Ralf Hildebrandt wrote:
* The Doctor doc...@doctor.nl2k.ab.ca:
I am contemplating howto use spamassassin effectively with postfix.
Usually we use amavisd-new
Depends how often you want to keep restarting it.
, many others find it
reliable and robust.
There are probably a dozen or so widely used proxy/milter
programs that use SpamAssassin (and even a few that use other
methods) that can block mail pre-queue. That fact alone tells
us that there is no universal best choice.
-- Noel Jones
for the milter_header_checks feature.)
-- Noel Jones
of time. There's usually better ways to block unwanted mail.
-- Noel Jones
price.
-- Noel Jones
? Is there an
other way to test for being an open relay or should I feel safe about
this?
Add relay_domain = to your main.cf. It does prevent a minor
problem.
*postconf -n*
no glaring errors.
-- Noel Jones
.
ln -s /home/mail/email/private/samilter / # run
from /home/mail/email ???
I find it easier to use inet: sockets rather than unix:
sockets for milters.
No chroot, path or permission issues...
-- Noel Jones
whitelist:
69.74.116.40 OK
... probably in the wrong place. The whitelist must be before
the offending rule.
For more help, show output of postconf -n
-- Noel Jones
reject_non_fqdn_recipient
reject_unknown_sender_domain reject_unknown_recipient_domain permit
OK. Nothing here to cause the rejection you reported. I see
Ralf is looking at your master.cf, we'll see what he says.
-- Noel Jones
.
This would cause the reject as you see it in the log :)
Jesse,
You may find it helpful to add
-o syslog_name=postfix-smtps
to the above options to differentiate logging from the smtps
service.
-- Noel Jones
fake...@fakessh.eu wrote:
hi list
hi all
dkimproxy I can not specify that only selector.
how to have multiple signatures DK
multiple number selectors
thanks for all your feedbacks
both dkim-milter and amavisd-new support multiple dkim
selectors. They both work well.
-- Noel Jones
of
this list are invaluable.
http://www.postfix.org/documentation.html
-- Noel Jones
. Postfix should
handle things pretty well up to several thousand deferred
messages. If you're expecting tens of thousands of deferred
messages, then maybe a script to defer_transports or to put
everything on HOLD until the network is back up.
-- Noel Jones
the network is
back up anyway, they don't serve any purpose for us. On the other hand,
in the best of all worlds, I'd like the messages themselves to stick
around.
Sounds like the best solution is just set a really long
$maximal_queue_lifetime
-- Noel Jones
Linux Addict wrote:
On Thu, Jun 25, 2009 at 2:22 PM, Sahil Tandon sa...@tandon.net
mailto:sa...@tandon.net wrote:
On Jun 25, 2009, at 2:06 PM, Linux Addict linuxaddi...@gmail.com
mailto:linuxaddi...@gmail.com wrote:
On Thu, Jun 25, 2009 at 1:41 PM, ghe
table is matching web.de.
Test with (all one line in case it gets wrapped):
# postmap -q web.de mysql:/etc/postfix/mysql_virtual-domains.cf
-- Noel Jones
guarantees a QUEUEID will
be unique within the current queue. As soon as that file is
released, that same id can be reused any time.
I've seen postfix reuse a QUEUEID within just a few minutes.
-- Noel Jones
fake...@fakessh.eu wrote:
I have a strange error that I do not understand
I have the impression of having set dkimproxy well
Apparently dkimproxy isn't using the selector you want.
This doesn't look like a postfix problem, you'll need to ask
on a dkimproxy support forum.
-- Noel Jones
permit_sasl_authenticated
reject_unauth_destination
... whitelist goes here ...
... UCE checks here ...
-- Noel Jones
of postfix will likely support some sort of
low-resource front end for prescreening of clients.
... stay tuned.
-- Noel Jones
smtpd_restriction_classes = LOG_OK
LOG_OK =
check_client_access regexp:/etc/postfix/mylog
permit
# mylog
/^/ WARN whitelisted
Then use LOG_OK rather than OK in your access tables.
-- Noel Jones
=regexp:/path/add_my_header
# add_my_header
/^/ PREPEND X-Custom: my header
-- Noel Jones
be a
good choice.
-- Noel Jones
as the final entry. These non-indexed maps are read top to
bottom, first match wins.
a regexp/pcre catchall looks like:
/^/ REJECT comment...
a cidr map catchall looks like:
0.0.0.0/0 REJECT comment...
http://www.postfix.org/pcre_table.5.html
http://www.postfix.org/cidr_table.5.html
-- Noel
Jan P. Kessler wrote:
Noel Jones wrote:
postfix-l...@monmouth.com wrote:
The postconf(5) manage says: 'a result of OK is not allowed for
safety reasons.'
Is there a way to bypass this?
No.
Is it possible to use permit_auth_destination here?
No, nothing that resolves to an OK or permit
separate cleanup
services in master.cf for different header_checks; see the
archives). If you're already using a content_filter, you get
this for free.
Maybe there's a content_filter or milter that can do what you
need; mimedefang is a first guess.
-- Noel Jones
take the i out.
Jason
No need to escape - or :, and postfix turns on the /i flag
by default - adding the flag to a postfix expression turns on
case sensitivity.
http://www.postfix.org/pcre_table.5.html
Rob's trouble is he forgot the : at the end of the header name.
-- Noel Jones
headers, or maybe it hasn't opened those
mailboxes yet.
At any rate, neither you nor postfix should ever add those
headers.
-- Noel Jones
section.
-- Noel Jones
connections, this won't help. In that case you need to
provision for the load.
-- Noel Jones
treatment
example.com smtp:example.local
# /etc/hosts - host IP mapping
10.1.2.2 example.local
10.1.2.3 example.local
Or you can define example.local in your local DNS server.
http://www.postfix.org/transport.5.html
-- Noel Jones
Wilson A. Galafassi Jr. wrote:
Hello,
Yes. I want to do load balancing. How i can implement this in postfix?
# main.cf
relayhost = [relay.local]
# /etc/hosts
10.2.2.2 relay.local
10.2.2.3 relay.local
-- Noel Jones
referred to is
pointless.
-- Noel Jones
the message (sends it to
/dev/null)?
Than you,
This should work...
# main.cf
# accept anyu...@anydomain
relay_domains = static:ALL
# throw it away
smtpd_end_of_data_restrictions = static:discard
# safety net
default_transport = discard
test before sending it a million messages...
-- Noel
, check_sender_access,
check_recipient_access, check_etrn_access) before End-of-data
restriction static:discard
Sorry, it should be
smtpd_end_of_data_restrictions =
check_client_access static:discard
-- Noel Jones
or
two ago.
-- Noel Jones
.
Suspects are a firewall at the ISP, or a firewall in front of
postfix.
As a general rule, you'll have better luck using the
'submission' port 587 to send mail from home networks or
hotspots. Uncomment the 'submission' entry in your master.cf
and stop/start postfix to enable it.
-- Noel Jones
.html#milter_header_checks
See the header_checks man page for syntax and available
actions. Currently, PREPEND is not implemented.
http://www.postfix.org/header_checks.5.html
-- Noel Jones
multiple instances of postfix.
All versions of postfix support manually-configured multiple
instances, but postfix 2.6 and later includes built-in tools
to make creating, using, and managing multiple instances easier.
http://www.postfix.org/MULTI_INSTANCE_README.html
-- Noel Jones
with a transport map
pointing to the fax software interface, and the address
extension is the phone number.
Or better, use a subdomain:
num...@fax.example.com
either way, use smtpd_*_restrictions to restrict access to the
recipient.
-- Noel Jones
on. Maybe some firewall/router is interfering
with TLS.
If it's windows, google openssl for windows
You might have better luck using the submission port 587
rather than 25.
-- Noel Jones
Daniel L. Miller wrote:
Daniel L. Miller wrote:
Noel Jones wrote:
either way, use smtpd_*_restrictions to restrict access to the
recipient.
What kind of allow restrictions would make sense as I am looking to
receive from a domain I do not control (e.g. Intuit)? Would
check_sender_access
Daniel L. Miller wrote:
Noel Jones wrote:
Sahil Tandon wrote:
On Tue, 07 Jul 2009, Sahil Tandon wrote:
On Tue, 07 Jul 2009, Daniel L. Miller wrote:
So...my initial thought was I'd have to create a public Internet
name for the fax gateway, and apply some level of security to only
accept
earlier. That means the problem is at the sending
end. Either your computer (antivirus software sometimes
messes with smtp/TLS) or a firewall at the location you're
sending from.
-- Noel Jones
OK, I give on the top-posting.
Turn off your antivirus for testing, or try a different computer.
-- Noel Jones
New Old Stk wrote:
Noel
Server is real. It does look like problem at my end however I have
replaced modem+router (DrayTek + Cisco ASA) with generic Zoom ADSL
modem and still
,
and valid recipients are defined in relay_recipient_maps. Do
not define your internal groupwise domains in mydestination.
If you need more help, show postconf -n and log entries
demonstrating the problem.
-- Noel Jones
the milter
cannot be contacted. If you want to accept mail that fails
DKIM, see the dkim-filter documentation.
-- Noel Jones
a
policy server with warn_if_reject to see what affect it will have.
-- Noel Jones
server instead.
-- Noel Jones
if it is a name server timeout, then I think this is always
handled by a 450 response. In my case the mail was rejected.
Yes, temporary errors always get a 450 response.
-- Noel Jones
...@atlas.cairodurham.org by the time it
arrives in my inbox.
Don't use a CNAME in a mail address.
-- Noel Jones
= no
unknown_local_recipient_reject_code = 450
Change this to 550 once postfix correctly recognizes valid
recipients.
-- Noel Jones
, make sure there aren't
any catch-all mappings.
-- Noel Jones
is to add SpamAssassin and
let it decide which mail to discard.
I suppose you could use a sufficiently flexible postfix policy
service - maybe postfwd - to discard mail with DNS SERVFAIL.
I also expect that will eventually bite you in the buttocks.
-- Noel Jones
Martijn de Munnik wrote:
Hi,
On Jul 13, 2009, at 7:57 PM, Noel Jones wrote:
Martijn de Munnik wrote:
smtpd_recipient_limit = 25
only if you have 25 or fewer users.
I thought this means a user can send an e-mail to 25 users max at once?
After $smtpd_recipient_limit + 1 RCPT
is with creation or
submission.
-- Noel Jones
201 - 300 of 3787 matches
Mail list logo
